karl

@karl@infosec.exchange

Engineer in industrial cybersecurity by day. Interests include Unix, security, cryptography.

Non-technical interests are climbing, records, beer, and whisky. Oh, and MTG.

Will toot in English and French.

This profile is from a federated server and may be incomplete. Browse more on the original instance.

jerry, to random

Now that Fusion 360 costs more than the GDP of many countries, what are the cool kids using to design their models for 3d printing?

karl,

@jerry I use Onshape and am quite happy with it. I don't mind my designs being available to the public.

jerry, to random

Have you ever had levels of anxiety that basically prevent you from doing anything productive?

karl,

@jerry Interactions with my manager do that to me.

I need to get out of this company asap, but my skillset is somewhat specific, it's easier said than done.

0xabad1dea, to random

a significant part of my job is telling the customer that their code contains undefined behavior that could explode in their faces on next compiler upgrade, to which the response, invariably, is that they are still using the exact same build of gcc as the day the company was founded in 2007, and they will bury that exact binary of gcc with them in their grave.

karl,

@0xabad1dea This is exactly what I encountered back when I worked at .

sebsauvage, to android French
@sebsauvage@framapiaf.org avatar


Ah tiens je n'avais pas encore pensé à faire une synthèse vocale des messages que je reçois sur Signal quand je suis en voiture. Maintenant c'est fait.
Allez zou y'a plus qu'à tester.

karl,

@sebsauvage Moi ce que je regrette surtout c'est le fait qu'on peut pas passer des appels Signal sur Android Auto.

jerry, (edited ) to random

Which Linux shell should i be using and why?

karl,

@jerry Next up: vim or emacs?

jerry, to random

I got Lacie to wave to the camera

video/mp4

karl,

@jerry Thank you for making the day a little bit brighter with this.

karl, to random

The Babylonians knowing about the Pythagorean theorem way before Pythagoras proves that time travel is real.

That's exciting.

https://link.springer.com/article/10.1057/jt.2009.16

b0rk, (edited ) to random
@b0rk@jvns.ca avatar

does anyone have tips for how to make sense of git merge histories like this? do you use git log --first-parent? git log --topo-order --no-merges? something else? how can you tell if commit A was merged before or after commit B? what if there are "backwards" merges like in the 3rd screenshot?

(no "just make the history linear” or "merges are bad" takes please)

karl,

@b0rk Pray that the mergecommit messages are useful, and use git log --merge.

If something needs more investigation, run the log on the merged branch's parent.

jerry, to random

So, do we still love Firefox because it’s not chrome or do we hate it because Mozilla is now in the AI business?

karl,

@jerry We love Mozilla a little less for the AI nonsense, but we still have to go with Firefox if we want to do our part for a free web.

codinghorror, to random

Fuck the headphone jack. Like the floppy drive before it, nothing has ever been more deserving of death. ☠️ It's called "the future", maybe look into it?

karl,

@codinghorror Fuck wireless headphones. They always run out of juice at the most inconvenient times and only last a couple years before the non-serviceable batteries are dead.

Wired headphones being passive will always work as long as the source works, and for now jack ports are the only real option.

I'm all for progress but give me a technological leap that doesn't require a pair of buds that's going to the trash if I don't use them for a long period.

jerry, to random

I just saw a very old thread about the CVS pharmacy website giving an error message about using a modern browser in response to unexpected user agent strings. The consensus is that’s a bad thing. I would otherwise agree, if not for running Infosec.exchange. I sort through a significant number of issues that turn out to be incompatibilities with older browsers that don’t support certain features. As a bonus, sometimes the person experiencing the issue sees errors in their browser console and accuses me of trying to hack them. I can’t imagine a website with 1000x the visitors, as CVS likely has.

karl,

@jerry I'm here because the lights were on and it seemed welcoming, not because I'm particularly good at computers. :p

karl, to random

@Sable Le guessthegame du jour y avait une chance sur deux. :D

karl,

@Sable Sur 2, parce que tu pouvais mettre n'importe laquelle des deux versions. :p

0xabad1dea, to random

My husband: someone asked me to teach them about hybrid mismatching

Me: is that… a magic the gathering mechanic?

Him: it’s a tax avoidance mechanic

karl,

@0xabad1dea Oh please don't give WOTC's R&D ideas.

b0rk, (edited ) to random
@b0rk@jvns.ca avatar

i have this long term project I've been slowly thinking about for years to figure out how to help folks get more comfortable on the unix command line.

I have this sense that there are a lot of people who have been using the command line for 5-20 years but still don't really feel at home there

(not looking for advice, it's just something I'm thinking about)

some related posts:
https://jvns.ca/blog/2023/08/08/what-helps-people-get-comfortable-on-the-command-line-/
https://jvns.ca/blog/2022/04/12/a-list-of-new-ish--command-line-tools/

karl,

@b0rk Woah the list of new tools is invaluable.

b0rk, to random
@b0rk@jvns.ca avatar

today I'm thinking about the tradeoffs of using git rebase a bit. I think the goal of rebase is to have a nice linear commit history, which is something I like.

but what are the costs of using rebase? what problems has it caused for you in practice? I'm really only interested in specific bad experiences you've had here -- not opinions or general statements like “rewriting history is bad”

karl,

@b0rk It takes time when you strive to do it well. It's a cost I'm happy to pay, as rewriting history can make for a much smoother code review for my peers, but it is a cost nonetheless.

b0rk, (edited ) to random
@b0rk@jvns.ca avatar

what git jargon do you find confusing? thinking of writing a blog post that explains some of git's weirder terminology: "detached HEAD state”, "fast-forward", "index/staging area/staged", “ahead of 'origin/main' by 1 commit”, etc

(really only looking for terms that you personally find confusing, not terms that you think someone else might be confused about)

karl,

@b0rk When rebasing with submodules, the local/remote is super confusing. I always mix them up.

mcc, to random
@mcc@mastodon.social avatar

Hey

  • Do people over 40 keep telling you you should use IRC and IRC is better than Discord and Slack?
  • Did you try IRC and it wasn't better at all?
  • Do you need to use an IRC channel but IRC is a pain?
  • Use irccloud.com
  • It's free, it has a website interface that's like Discord, it has a phone app, it even lets you paste images into IRC
  • Downside: If you connect only from phone, they DC you after a bit unless you're on the paid plan. Get around this by leaving a web tab open on a desktop
karl,

@mcc Quassel used to be quite nice but I have not caught up with these things in a few years.

karl, to random

So much kindness. Such inner violence. Alcest is a giant amongst giants.

mjg59, to random
@mjg59@nondeterministic.computer avatar

While there's no evidence that the alleged Signal vulnerability actually exists, it is worth bearing in mind that link previews do end up with third parties sending you media that gets pushed through a bunch of complex parsing code that's mostly written in C and if you have a sufficiently conservative threat model then disabling the feature is a sensible choice

karl,

@mjg59 Agreed. After seeing the reply from Signal, I figured I didn't need that feature anyways, and that since it was an obvious potential increase in attack surface I would not turn it back on.

kevinrothrock, to random

discuss

karl,

@kevinrothrock That's above my paygrade. All I can say is violence sucks and makes me sad.

karl, to random

Security theater, example 559281.

(Thank God I'm not planning to use it as a security device)

Let's have a look at the bottom of the packaging. Surely there's a seal too?
Nope, no seal. It pops open easily without breaking the original seal.
The security camera is out of the box with a untouched seal still on the package.

karl,

Think outside the box, I guess?

I'm sorry, I'll see myself out.

0xabad1dea, to random

Hang on, where’s my copy of Lord of the Rings?

No no, in English.

That’s… even less English.

Ah, here’s the Eng—

… this isn’t even a joke, I can’t find my English copy of Lord of the Rings

Photo of a copy of lord of the rings in Italian
Photo of a book spine of lord of the rings that’s clearly in English
Surprise! It’s in Chinese

karl,

@0xabad1dea Celeborn isn't the only one saying Helaas, I see.

whitequark, to random
@whitequark@mastodon.social avatar

my favorite part of using @matrix is being gaslit by the main messenger I'm using to communicate with those I care about

love to see a series of messages described as "delivered" and "seen", then compare screenshots and find out that many of them just never were

karl,

@whitequark One could say Matrix fails to deliver on more than one front, then.

(I'll see myself out)

  • All
  • Subscribed
  • Moderated
  • Favorites
  • megavids
  • mdbf
  • ngwrru68w68
  • tester
  • magazineikmin
  • thenastyranch
  • rosin
  • khanakhh
  • InstantRegret
  • Youngstown
  • slotface
  • Durango
  • kavyap
  • DreamBathrooms
  • JUstTest
  • tacticalgear
  • osvaldo12
  • normalnudes
  • cubers
  • cisconetworking
  • everett
  • GTA5RPClips
  • ethstaker
  • Leos
  • provamag3
  • anitta
  • modclub
  • lostlight
  • All magazines
    •